CVE-2021-26967

Name of the Vulnerable Software and Affected Versions: Aruba AirWave Management Platform versions prior to 8.2.12.0

Description: A remote reflected cross-site scripting (xss) vulnerability was discovered in the web-based management interface of Aruba AirWave Management Platform. This vulnerability could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the AirWave management interface.

Recommendations: For versions prior to 8.2.12.0, update to version 8.2.12.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation.